Security Basics mailing list archives
AW: File Encryption - Laptop
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 15 Sep 2003 17:43:31 +0100
EFS only encrypts specific files and folders. Also the keys are local on the hard drive (silly thing that). EFS ist not considered secure (at least not by anyone that i know.) It is designed for transparent encryption to prevent one user of a computer from accessing files from another. If you should decide to use it make sure to designate a recovery agent. Otherwise the files are lost should you delete or lose the profile. I recently was looking for a similar solution, though i needed something more complicated (search this group for my posts with title Secure Boot Manager if interested) and found 2 excellent products: Safe Boot Pro/Enterprise from www.safeboot.com Drive Crypt from SecurStar GmbH www.drivecrypt.com Of those two i preferred safe boot. It is also a true enterprise solution, allowing you to remotly manage machines, create groups, install the software, and change settings from a central console. We did not end up buying it, but i would have recommended it had it fit my peculiar needs (was trying to hide 2 OS's from one another) Hope this was a help, Chris Meidinger badenIT GmbH System Support Tel. +49 761 279 2280 Fax. +49 761 279 2200 Tullastrasse 70 79108 Freiburg Deutschland -----Ursprüngliche Nachricht----- Von: Sean Earp [mailto:smearp () mac com] Gesendet: Samstag, 13. September 2003 03:11 An: Ethan Harris Cc: security-basics () securityfocus com Betreff: Re: File Encryption - Laptop Ethan- Windows 2000 (and XP Pro) have this functionality built in (It's called EFS - or Encrypting File System), and it is designed for EXACTLY the reason you specify. It requires that the hard drive be formatted as NTFS, and one of the previously mentioned Operating Systems. Microsoft has written up a decent overview of the functionality and setup at <http://www.microsoft.com/windows2000/techinfo/planning/security/ efssteps.asp>. Windows 98 is NOT a secure operating system by ANY stretch of the imagination and you can not use EFS with it. Even password protecting the machine offers you NO protection, as you can bypass the password by simply hitting the escape key. You could upgrade these machines to Windows 2000 or XP, or someone else on the list may know of a third party utility that may provide the functionality you are looking for. Good luck, -Sean On Friday, September 12, 2003, at 07:53 AM, Ethan Harris wrote:
Hi all, I'm fairly new to the secuirty world, but have been recently asked by my company to find a product that will be able encrypt files on a PC (mostly Win98 and Win2k based), especially on laptops. They want an extra layer of security in case any of these machines get stolen. Thanks in advance for the input.
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- AW: File Encryption - Laptop Meidinger Chris (Sep 15)
- Re: AW: File Encryption - Laptop Sean Earp (Sep 15)
- Re: AW: File Encryption - Laptop Kamal Habayeb (Sep 16)
- <Possible follow-ups>
- Re: AW: File Encryption - Laptop Ethan Harris (Sep 15)
- Re: AW: File Encryption - Laptop Sean Earp (Sep 15)